create-zudo-doc 0.2.19 → 0.2.21
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/scaffold.js +7 -5
- package/package.json +1 -1
- package/templates/base/pages/lib/_doc-page-shell.tsx +1 -1
- package/templates/base/pages/lib/_sidebar-prepaint.tsx +19 -7
- package/templates/features/tauri/files/src-tauri/capabilities/default.json +1 -4
- package/templates/features/tauri/files/src-tauri/tauri.conf.json +1 -1
- package/templates/features/tauriDev/files/src-tauri-dev/capabilities/default.json +1 -1
package/dist/scaffold.js
CHANGED
|
@@ -448,11 +448,11 @@ function generatePackageJson(choices) {
|
|
|
448
448
|
// stability, multi-valued response headers (e.g. multiple Set-Cookie),
|
|
449
449
|
// supplementary-plane CJK reading-time, plus CLI/server/runtime hardening
|
|
450
450
|
// and render perf passes. No consumer-facing / CLI breaking change.
|
|
451
|
-
"@takazudo/zfb": "0.1.0-next.
|
|
452
|
-
"@takazudo/zfb-runtime": "0.1.0-next.
|
|
451
|
+
"@takazudo/zfb": "0.1.0-next.59",
|
|
452
|
+
"@takazudo/zfb-runtime": "0.1.0-next.59",
|
|
453
453
|
// zfb-adapter-cloudflare — required for any route with `prerender = false`.
|
|
454
454
|
// Pinned in lockstep with @takazudo/zfb.
|
|
455
|
-
"@takazudo/zfb-adapter-cloudflare": "0.1.0-next.
|
|
455
|
+
"@takazudo/zfb-adapter-cloudflare": "0.1.0-next.59",
|
|
456
456
|
// @takazudo/zudo-doc — published from this monorepo via
|
|
457
457
|
// .github/workflows/publish-zudo-doc.yml. The pin here is bumped in
|
|
458
458
|
// lockstep by scripts/release-create-zudo-doc.sh whenever zudo-doc's
|
|
@@ -464,7 +464,7 @@ function generatePackageJson(choices) {
|
|
|
464
464
|
// ties this pin to packages/zudo-doc's version, so the lockstep release
|
|
465
465
|
// bumps both together; do not cut a create-zudo-doc release until the
|
|
466
466
|
// matching @takazudo/zudo-doc version (with content.css) is on npm.
|
|
467
|
-
"@takazudo/zudo-doc": "^0.2.
|
|
467
|
+
"@takazudo/zudo-doc": "^0.2.21",
|
|
468
468
|
// zod — used by the generated zfb.config.ts. zfb-config-gen emits
|
|
469
469
|
// `import { z } from "zod"` for the content-collection schema +
|
|
470
470
|
// `z.toJSONSchema(...)` conversion. Without this dep, the consumer
|
|
@@ -518,7 +518,7 @@ function generatePackageJson(choices) {
|
|
|
518
518
|
// @takazudo/zudo-doc/integrations/doc-history which in turn imports
|
|
519
519
|
// @takazudo/zudo-doc-history-server/git-history. Without this dep the
|
|
520
520
|
// plugin host fails at init with ERR_MODULE_NOT_FOUND — W8A (#1739).
|
|
521
|
-
deps["@takazudo/zudo-doc-history-server"] = "^0.2.
|
|
521
|
+
deps["@takazudo/zudo-doc-history-server"] = "^0.2.21";
|
|
522
522
|
// W7A (#1736): doc-history-plugin.mjs spawns `tsx -e <inline-script>` to
|
|
523
523
|
// run the v2 runtime in a TS-aware Node subprocess; without tsx the
|
|
524
524
|
// plugin's preBuild step exits with ENOENT before zfb finishes config
|
|
@@ -571,6 +571,8 @@ function generatePackageJson(choices) {
|
|
|
571
571
|
}
|
|
572
572
|
if (choices.features.includes("skillSymlinker")) {
|
|
573
573
|
scripts["setup:doc-skill"] = "bash scripts/setup-doc-skill.sh";
|
|
574
|
+
scripts["setup:doc-skill-silent"] =
|
|
575
|
+
"bash scripts/setup-doc-skill.sh --silent";
|
|
574
576
|
}
|
|
575
577
|
const runCmd = choices.packageManager === "npm" || choices.packageManager === "bun" ? `${choices.packageManager} run` : choices.packageManager;
|
|
576
578
|
// claudeSkills ships the zudo-doc-version-bump skill, whose release workflow
|
package/package.json
CHANGED
|
@@ -215,7 +215,7 @@ export function DocPageShell(props: DocPageShellProps): JSX.Element {
|
|
|
215
215
|
}
|
|
216
216
|
tocOverride={tocOverride}
|
|
217
217
|
mobileTocOverride={mobileTocOverride}
|
|
218
|
-
afterSidebar={<SidebarPrepaint />}
|
|
218
|
+
afterSidebar={<SidebarPrepaint hideSidebar={hideSidebar} />}
|
|
219
219
|
footerOverride={<FooterWithDefaults lang={locale} />}
|
|
220
220
|
bodyEndComponents={<DocBodyEnd />}
|
|
221
221
|
enableClientRouter={settings.dynamicPageTransition}
|
|
@@ -23,23 +23,35 @@ import { Island } from "@takazudo/zfb";
|
|
|
23
23
|
import { settings } from "@/config/settings";
|
|
24
24
|
import DesktopSidebarToggle from "@/components/desktop-sidebar-toggle";
|
|
25
25
|
|
|
26
|
+
/** Props for {@link SidebarPrepaint}. */
|
|
27
|
+
export interface SidebarPrepaintProps {
|
|
28
|
+
/**
|
|
29
|
+
* Mirrors the page's `hide_sidebar: true` frontmatter. When true the desktop
|
|
30
|
+
* toggle is skipped — there is no visible sidebar for it to collapse.
|
|
31
|
+
*/
|
|
32
|
+
hideSidebar?: boolean;
|
|
33
|
+
}
|
|
34
|
+
|
|
26
35
|
/**
|
|
27
36
|
* The `afterSidebar` slot content shared by all four doc-route page components.
|
|
28
37
|
*
|
|
29
38
|
* Returns the pre-paint localStorage script + `DesktopSidebarToggle` Island
|
|
30
|
-
* when `settings.sidebarToggle` is enabled
|
|
31
|
-
*
|
|
39
|
+
* when `settings.sidebarToggle` is enabled AND the page actually shows a
|
|
40
|
+
* sidebar; returns `undefined` when the toggle is disabled or the page hides
|
|
41
|
+
* the sidebar (matching the conditional the route files used inline).
|
|
32
42
|
*/
|
|
33
|
-
export function SidebarPrepaint(
|
|
34
|
-
|
|
43
|
+
export function SidebarPrepaint({
|
|
44
|
+
hideSidebar,
|
|
45
|
+
}: SidebarPrepaintProps): JSX.Element | undefined {
|
|
46
|
+
if (!settings.sidebarToggle || hideSidebar) return undefined;
|
|
35
47
|
|
|
36
48
|
return (
|
|
37
49
|
<>
|
|
38
50
|
{/* Pre-paint inline script: restore persisted sidebar visibility to
|
|
39
51
|
<html data-sidebar-hidden> before first paint to avoid flash.
|
|
40
|
-
|
|
41
|
-
is only set when localStorage says "false"
|
|
42
|
-
needs no attribute and causes no layout shift. */}
|
|
52
|
+
Rendered only when the toggle is enabled and the page shows a
|
|
53
|
+
sidebar; the attribute is only set when localStorage says "false"
|
|
54
|
+
so the default (visible) needs no attribute and causes no layout shift. */}
|
|
43
55
|
<script dangerouslySetInnerHTML={{
|
|
44
56
|
__html: `(function(){try{if(localStorage.getItem('zudo-doc-sidebar-visible')==='false'){document.documentElement.setAttribute('data-sidebar-hidden','');}}catch(e){}})();`,
|
|
45
57
|
}} />
|
|
@@ -1,10 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"identifier": "default",
|
|
3
|
-
"description": "Default capabilities for the main window",
|
|
3
|
+
"description": "Default capabilities for the main window. The shipped offline reader loads the embedded dist/ via the tauri:// protocol (WebviewUrl::App), so it needs no remote-origin grant. The previous `remote.urls: http://localhost:*/**` grant was dropped (zudolab/zudo-doc#2240) so no localhost-served page can reach core:default. `cargo tauri dev` still loads http://localhost:4321, but the zudo-doc site invokes no Tauri commands, so it does not need the grant either.",
|
|
4
4
|
"windows": ["main"],
|
|
5
|
-
"remote": {
|
|
6
|
-
"urls": ["http://localhost:*/**"]
|
|
7
|
-
},
|
|
8
5
|
"permissions": [
|
|
9
6
|
"core:default"
|
|
10
7
|
]
|
|
@@ -10,7 +10,7 @@
|
|
|
10
10
|
"app": {
|
|
11
11
|
"windows": [],
|
|
12
12
|
"security": {
|
|
13
|
-
"csp":
|
|
13
|
+
"csp": "default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'none'; img-src 'self' data:; font-src 'self' data: https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' https://esm.sh; connect-src 'self' https://esm.sh https://cdn.jsdelivr.net"
|
|
14
14
|
}
|
|
15
15
|
},
|
|
16
16
|
"bundle": {
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"identifier": "default",
|
|
3
|
-
"description": "Default capabilities for the main window",
|
|
3
|
+
"description": "Default capabilities for the main window. TRUST NOTE (zudolab/zudo-doc#2240): Mode 2 displays an arbitrary, user-configured localhost project in this webview, and `remote.urls` grants core:default to any http://localhost:*/** origin. Combined with withGlobalTauri (required by frontend/index.html's launch-error listener + retry_launch invoke), a malicious dependency in the wrapped project would gain Tauri reach. This is an accepted trust assumption for a developer-only wrapper: only point Mode 2 at projects you trust. The grant is intentionally dev-scoped (localhost only). Narrowing it to the single configured port, or splitting the local-frontend capability from the remote-project capability, is tracked as a future hardening.",
|
|
4
4
|
"windows": ["main"],
|
|
5
5
|
"remote": { "urls": ["http://localhost:*/**"] },
|
|
6
6
|
"permissions": ["core:default"]
|